AWS Security Hub Extended: A New Era of Unified Security
At re:Invent 2025, Amazon Web Services unveiled a significantly reimagined AWS Security Hub, consolidating AWS security services like Amazon GuardDuty and Amazon Inspector into a single, streamlined experience. This evolution continues with the launch of AWS Security Hub Extended, a plan designed to simplify the procurement, deployment and integration of full-stack enterprise security solutions.
Beyond AWS: Expanding the Security Ecosystem
AWS Security Hub Extended addresses a critical challenge for organizations: managing a complex web of security tools and vendors. The new plan allows businesses to extend their security portfolio beyond native AWS services, incorporating solutions from a curated selection of AWS Partners. These partners include 7AI, Britive, CrowdStrike, Cyera, Island, Noma, Okta, Oligo, Opti, Proofpoint, SailPoint, Splunk, Upwind, and Zscaler.
This curated approach aims to alleviate the burden of lengthy procurement cycles and vendor negotiations. AWS acts as the seller of record, offering pre-negotiated pay-as-you-go pricing and consolidated billing, with no need for long-term commitments.
Unified Operations and Support
The benefits extend beyond simplified procurement. Security Hub Extended provides a unified security operations experience directly within the Security Hub console. AWS Enterprise Support customers also gain access to unified Level 1 support for all integrated solutions.
OCSF and Automated Aggregation
A key technical advancement is the standardization of security findings. All participating solutions emit data in the Open Cybersecurity Schema Framework (OCSF) schema. This allows for automatic aggregation of security findings within AWS Security Hub, enabling faster identification and response to risks that span multiple security layers.
Pro Tip: Leveraging the OCSF schema is crucial for maximizing the value of Security Hub Extended. It ensures consistent data formatting, simplifying analysis and correlation of security events.
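The sketch below is an added example, not AWS or partner code and not a description of how Security Hub aggregates findings internally. It shows why a shared schema makes cross-layer correlation simple: findings from different products can be grouped by resource using the same fields. The field names (`class_uid`, `severity_id`, `metadata.product.name`, `finding_info.uid`, `resources[].uid`) come from the OCSF schema; the product names, ARNs and finding IDs are constructed sample data.

```python
import json
from collections import defaultdict

# OCSF severity_id values and their labels.
SEVERITY = {0: "Unknown", 1: "Informational", 2: "Low", 3: "Medium",
            4: "High", 5: "Critical", 6: "Fatal", 99: "Other"}

# Constructed sample records (not output from any real product).
SAMPLE_FINDINGS = json.loads("""[
 {"class_uid": 2004, "severity_id": 4,
  "metadata": {"product": {"name": "ExampleEDR"}},
  "finding_info": {"uid": "f-001", "title": "Suspicious process"},
  "resources": [{"uid": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"}]},
 {"class_uid": 2002, "severity_id": 5,
  "metadata": {"product": {"name": "ExampleCSPM"}},
  "finding_info": {"uid": "f-002", "title": "Exploitable package"},
  "resources": [{"uid": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"}]},
 {"class_uid": 2004, "severity_id": 3,
  "metadata": {"product": {"name": "ExampleIdP"}},
  "finding_info": {"uid": "f-003", "title": "Unusual role assumption"},
  "resources": [{"uid": "arn:aws:iam::111122223333:role/ExampleRole"}]},
 {"class_uid": 2004, "severity_id": 99,
  "metadata": {"product": {"name": "ExampleEDR"}},
  "finding_info": {"uid": "f-004", "title": "No resource attached"}}
]""")

def rank(severity_id):
    # 99 ("Other") and unrecognised ids have no ordering; rank them lowest.
    return severity_id if severity_id in range(7) else 0

def correlate(findings, min_products=2):
    """Group findings by resource uid; keep resources flagged by several products."""
    by_resource = defaultdict(list)
    for f in findings:
        for res in f.get("resources") or []:   # findings without resources are skipped
            if res.get("uid"):
                by_resource[res["uid"]].append(f)
    rows = []
    for uid, group in by_resource.items():
        products = sorted({f.get("metadata", {}).get("product", {}).get("name", "unknown")
                           for f in group})
        if len(products) < min_products:
            continue
        top = max(rank(f.get("severity_id", 0)) for f in group)
        rows.append({"resource": uid, "products": products,
                     "max_severity_id": top, "max_severity": SEVERITY[top],
                     "findings": [f.get("finding_info", {}).get("uid") for f in group]})
    return sorted(rows, key=lambda r: r["max_severity_id"], reverse=True)

if __name__ == "__main__":
    for row in correlate(SAMPLE_FINDINGS):
        print(row)
```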
Accessing and Deploying Partner Solutions
Partner solutions are readily accessible within the Security Hub console. Users can review and deploy any combination of curated offerings. Subscription initiates an automated onboarding process managed by each partner. Consumption-based metering is automatic, and billing is consolidated through Security Hub.
The Future of Cloud Security: Trends and Implications
The launch of Security Hub Extended signals a broader trend towards platform-centric security in the cloud. Organizations are increasingly seeking ways to simplify their security stacks and reduce the operational overhead associated with managing multiple point solutions. This move by AWS reflects a growing demand for integrated security experiences.
Did you know? The cybersecurity skills gap is widening, making it harder for organizations to effectively manage complex security environments. Integrated platforms like Security Hub Extended can help bridge this gap by automating tasks and providing a centralized view of security posture.
The Rise of XDR and Security Service Edge (SSE)
Security Hub Extended aligns with the growing adoption of Extended Detection and Response (XDR) and Security Service Edge (SSE) architectures. XDR solutions aim to correlate security data across multiple layers – endpoint, network, cloud – to provide more comprehensive threat detection and response. SSE focuses on securing access to cloud applications and data. The integration of partner solutions within Security Hub facilitates the implementation of these architectures.
AI-Powered Security Automation
The inclusion of partners specializing in AI-powered security solutions, like 7AI, suggests a future where artificial intelligence plays an even larger role in threat detection and response. AI can automate tasks such as vulnerability scanning, threat hunting, and incident triage, freeing up security teams to focus on more strategic initiatives.
Zero Trust Architectures and Identity-Centric Security
The presence of identity and access management (IAM) partners like Okta and SailPoint highlights the importance of Zero Trust architectures. Zero Trust assumes that no user or device is inherently trustworthy and requires continuous verification. Security Hub Extended can help organizations implement Zero Trust by providing visibility into user access and activity across their entire environment.
Frequently Asked Questions
Q: Is AWS Security Hub Extended available in all AWS Regions?
A: Yes, the AWS Security Hub Extended plan is generally available in all AWS commercial Regions where Security Hub is available.
Q: What pricing models are available for Security Hub Extended?
A: You can choose between flexible pay-as-you-go or flat-rate pricing, with no upfront investments or long-term commitments.
Q: How do I get started with AWS Security Hub Extended?
A: You can access the partner solutions directly within the Security Hub console.
Explore the AWS Security Hub User Guide for detailed information and to learn how to enhance your security posture.
